Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk Open Source和Certified Asterisk 输入验证漏洞
Vulnerability Description
Digium Asterisk是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source和Certified Asterisk的main/http.c文件中存在安全漏洞。远程攻击者可通过发送带有大量Cookie头信息的HTTP请求利用该漏洞造成拒绝服务(栈消耗),也可能执行任意代码。以下版本受到影响:Asterisk Open Source 1.8.26.1之前的1.8.x版本,11.8.1之前的
CVSS Information
N/A
Vulnerability Type
N/A